NASA leaks staff and project data

14.01.2019

NASA leaked data affecting employees and confidential project details. The bug was fixed within 3 weeks of the vulnerability being detected, and the fact that the error occurred on the Jira Server raises concern.

Avinash Jain, a security researcher, discovered the breach, which happened due to a misconfiguration. He contacted NASA via email but claimed they didn’t respond. Some settings of the app require fine-tuning for the server to work correctly. An improperly configured Jira might expose corporate data on the Internet.

Jira’s permissions appeared to be the problem that triggered the leak. The server’s feature that enables username and password extraction could be accessed freely. Filter settings were misconfigured, compromising the safety of NASA projects. Together with the filters, which are used to manage tasks, people’s names were exposed.